[PATCH] fuse: add control filesystem

  user.  NOTE: this is not the same as mounts allowed with the "user"

  option in /etc/fstab, which is not discussed here.

Filesystem connection:

  A connection between the filesystem daemon and the kernel.  The

  connection exists until either the daemon dies, or the filesystem is

  umounted.  Note that detaching (or lazy umounting) the filesystem

  does _not_ break the connection, in this case it will exist until

  the last reference to the filesystem is released.

Mount owner:

  The user who does the mounting.

  The default is infinite.  Note that the size of read requests is

  limited anyway to 32 pages (which is 128kbyte on i386).

Sysfs

~~~~~

Control filesystem

~~~~~~~~~~~~~~~~~~

There's a control filesystem for FUSE, which can be mounted by:

FUSE sets up the following hierarchy in sysfs:

  mount -t fusectl none /sys/fs/fuse/connections

  /sys/fs/fuse/connections/N/

Mounting it under the '/sys/fs/fuse/connections' directory makes it

backwards compatible with earlier versions.

where N is an increasing number allocated to each new connection.

Under the fuse control filesystem each connection has a directory

named by a unique number.

For each connection the following attributes are defined:

For each connection the following files exist within this directory:

 'waiting'

  connection.  This means that all waiting requests will be aborted an

  error returned for all aborted and new requests.

Only a privileged user may read or write these attributes.

Only the owner of the mount may read or write these files.

Aborting a filesystem connection

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  - Use forced umount (umount -f).  Works in all cases but only if

    filesystem is still attached (it hasn't been lazy unmounted)

  - Abort filesystem through the sysfs interface.  Most powerful

    method, always works.

  - Abort filesystem through the FUSE control filesystem.  Most

    powerful method, always works.

How do non-privileged mounts work?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

obj-$(CONFIG_FUSE_FS) += fuse.o

fuse-objs := dev.o dir.o file.o inode.o

fuse-objs := dev.o dir.o file.o inode.o control.o

/*

  FUSE: Filesystem in Userspace

  Copyright (C) 2001-2006  Miklos Szeredi <miklos@szeredi.hu>

  This program can be distributed under the terms of the GNU GPL.

  See the file COPYING.

*/

#include "fuse_i.h"

#include <linux/init.h>

#include <linux/module.h>

#define FUSE_CTL_SUPER_MAGIC 0x65735543

/*

 * This is non-NULL when the single instance of the control filesystem

 * exists.  Protected by fuse_mutex

 */

static struct super_block *fuse_control_sb;

static struct fuse_conn *fuse_ctl_file_conn_get(struct file *file)

{

	struct fuse_conn *fc;

	mutex_lock(&fuse_mutex);

	fc = file->f_dentry->d_inode->u.generic_ip;

	if (fc)

		fc = fuse_conn_get(fc);

	mutex_unlock(&fuse_mutex);

	return fc;

}

static ssize_t fuse_conn_abort_write(struct file *file, const char __user *buf,

				     size_t count, loff_t *ppos)

{

	struct fuse_conn *fc = fuse_ctl_file_conn_get(file);

	if (fc) {

		fuse_abort_conn(fc);

		fuse_conn_put(fc);

	}

	return count;

}

static ssize_t fuse_conn_waiting_read(struct file *file, char __user *buf,

				      size_t len, loff_t *ppos)

{

	char tmp[32];

	size_t size;

	if (!*ppos) {

		struct fuse_conn *fc = fuse_ctl_file_conn_get(file);

		if (!fc)

			return 0;

		file->private_data=(void *)(long)atomic_read(&fc->num_waiting);

		fuse_conn_put(fc);

	}

	size = sprintf(tmp, "%ld\n", (long)file->private_data);

	return simple_read_from_buffer(buf, len, ppos, tmp, size);

}

static const struct file_operations fuse_ctl_abort_ops = {

	.open = nonseekable_open,

	.write = fuse_conn_abort_write,

};

static const struct file_operations fuse_ctl_waiting_ops = {

	.open = nonseekable_open,

	.read = fuse_conn_waiting_read,

};

static struct dentry *fuse_ctl_add_dentry(struct dentry *parent,

					  struct fuse_conn *fc,

					  const char *name,

					  int mode, int nlink,

					  struct inode_operations *iop,

					  const struct file_operations *fop)

{

	struct dentry *dentry;

	struct inode *inode;

	BUG_ON(fc->ctl_ndents >= FUSE_CTL_NUM_DENTRIES);

	dentry = d_alloc_name(parent, name);

	if (!dentry)

		return NULL;

	fc->ctl_dentry[fc->ctl_ndents++] = dentry;

	inode = new_inode(fuse_control_sb);

	if (!inode)

		return NULL;

	inode->i_mode = mode;

	inode->i_uid = fc->user_id;

	inode->i_gid = fc->group_id;

	inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;

	/* setting ->i_op to NULL is not allowed */

	if (iop)

		inode->i_op = iop;

	inode->i_fop = fop;

	inode->i_nlink = nlink;

	inode->u.generic_ip = fc;

	d_add(dentry, inode);

	return dentry;

}

/*

 * Add a connection to the control filesystem (if it exists).  Caller

 * must host fuse_mutex

 */

int fuse_ctl_add_conn(struct fuse_conn *fc)

{

	struct dentry *parent;

	char name[32];

	if (!fuse_control_sb)

		return 0;

	parent = fuse_control_sb->s_root;

	parent->d_inode->i_nlink++;

	sprintf(name, "%llu", (unsigned long long) fc->id);

	parent = fuse_ctl_add_dentry(parent, fc, name, S_IFDIR | 0500, 2,

				     &simple_dir_inode_operations,

				     &simple_dir_operations);

	if (!parent)

		goto err;

	if (!fuse_ctl_add_dentry(parent, fc, "waiting", S_IFREG | 0400, 1,

				NULL, &fuse_ctl_waiting_ops) ||

	    !fuse_ctl_add_dentry(parent, fc, "abort", S_IFREG | 0200, 1,

				 NULL, &fuse_ctl_abort_ops))

		goto err;

	return 0;

 err:

	fuse_ctl_remove_conn(fc);

	return -ENOMEM;

}

/*

 * Remove a connection from the control filesystem (if it exists).

 * Caller must host fuse_mutex

 */

void fuse_ctl_remove_conn(struct fuse_conn *fc)

{

	int i;

	if (!fuse_control_sb)

		return;

	for (i = fc->ctl_ndents - 1; i >= 0; i--) {

		struct dentry *dentry = fc->ctl_dentry[i];

		dentry->d_inode->u.generic_ip = NULL;

		d_drop(dentry);

		dput(dentry);

	}

	fuse_control_sb->s_root->d_inode->i_nlink--;

}

static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)

{

	struct tree_descr empty_descr = {""};

	struct fuse_conn *fc;

	int err;

	err = simple_fill_super(sb, FUSE_CTL_SUPER_MAGIC, &empty_descr);

	if (err)

		return err;

	mutex_lock(&fuse_mutex);

	BUG_ON(fuse_control_sb);

	fuse_control_sb = sb;

	list_for_each_entry(fc, &fuse_conn_list, entry) {

		err = fuse_ctl_add_conn(fc);

		if (err) {

			fuse_control_sb = NULL;

			mutex_unlock(&fuse_mutex);

			return err;

		}

	}

	mutex_unlock(&fuse_mutex);

	return 0;

}

static int fuse_ctl_get_sb(struct file_system_type *fs_type, int flags,

			const char *dev_name, void *raw_data,

			struct vfsmount *mnt)

{

	return get_sb_single(fs_type, flags, raw_data,

				fuse_ctl_fill_super, mnt);

}

static void fuse_ctl_kill_sb(struct super_block *sb)

{

	mutex_lock(&fuse_mutex);

	fuse_control_sb = NULL;

	mutex_unlock(&fuse_mutex);

	kill_litter_super(sb);

}

static struct file_system_type fuse_ctl_fs_type = {

	.owner		= THIS_MODULE,

	.name		= "fusectl",

	.get_sb		= fuse_ctl_get_sb,

	.kill_sb	= fuse_ctl_kill_sb,

};

int __init fuse_ctl_init(void)

{

	return register_filesystem(&fuse_ctl_fs_type);

}

void fuse_ctl_cleanup(void)

{

	unregister_filesystem(&fuse_ctl_fs_type);

}

		end_requests(fc, &fc->processing);

		spin_unlock(&fc->lock);

		fasync_helper(-1, file, 0, &fc->fasync);

		kobject_put(&fc->kobj);

		fuse_conn_put(fc);

	}

	return 0;

#include <linux/spinlock.h>

#include <linux/mm.h>

#include <linux/backing-dev.h>

#include <linux/mutex.h>

/** Max number of pages that can be used in a single read request */

#define FUSE_MAX_PAGES_PER_REQ 32

/** It could be as large as PATH_MAX, but would that have any uses? */

#define FUSE_NAME_MAX 1024

/** Number of dentries for each connection in the control filesystem */

#define FUSE_CTL_NUM_DENTRIES 3

/** If the FUSE_DEFAULT_PERMISSIONS flag is given, the filesystem

    module will check permissions based on the file mode.  Otherwise no

    permission checking is done in the kernel */

    doing the mount will be allowed to access the filesystem */

#define FUSE_ALLOW_OTHER         (1 << 1)

/** List of active connections */

extern struct list_head fuse_conn_list;

/** Global mutex protecting fuse_conn_list and the control filesystem */

extern struct mutex fuse_mutex;

/** FUSE inode */

struct fuse_inode {

	/** Lock protecting accessess to  members of this structure */

	spinlock_t lock;

	/** Refcount */

	atomic_t count;

	/** The user id for this mount */

	uid_t user_id;

	/** Backing dev info */

	struct backing_dev_info bdi;

	/** kobject */

	struct kobject kobj;

	/** Entry on the fuse_conn_list */

	struct list_head entry;

	/** Unique ID */

	u64 id;

	/** Dentries in the control filesystem */

	struct dentry *ctl_dentry[FUSE_CTL_NUM_DENTRIES];

	/** number of dentries used in the above array */

	int ctl_ndents;

	/** O_ASYNC requests */

	struct fasync_struct *fasync;

	return get_fuse_conn_super(inode->i_sb);

}

static inline struct fuse_conn *get_fuse_conn_kobj(struct kobject *obj)

{

	return container_of(obj, struct fuse_conn, kobj);

}

static inline struct fuse_inode *get_fuse_inode(struct inode *inode)

{

	return container_of(inode, struct fuse_inode, inode);

 */

void fuse_dev_cleanup(void);

int fuse_ctl_init(void);

void fuse_ctl_cleanup(void);

/**

 * Allocate a request

 */

 * Invalidate inode attributes

 */

void fuse_invalidate_attr(struct inode *inode);

/**

 * Acquire reference to fuse_conn

 */

struct fuse_conn *fuse_conn_get(struct fuse_conn *fc);

/**

 * Release reference to fuse_conn

 */

void fuse_conn_put(struct fuse_conn *fc);

/**

 * Add connection to control filesystem

 */

int fuse_ctl_add_conn(struct fuse_conn *fc);

/**

 * Remove connection from control filesystem

 */

void fuse_ctl_remove_conn(struct fuse_conn *fc);